Again, the intent of this thread is
NOT to turn this into a debate over which browser is better! Nor was it intended to provide an avenue to monger fear into nearly .6 billion IE users!
I will say again,
Quote:
|
Virtually EVERY exploitable vulnerability in Internet Explorer, Windows, or even Firefox (which has several too) can ONLY be exploited by bad guys if the user fails to consistently practice safe computing in a disciplined manner.
|
As the first "hit" in your Google search suggests, and as stated in my very first step in the list above:
Quote:
|
...keep your systems...updated, including current versions (such as IE7)
|
Microsoft has taken great measures to address ActiveX controls (and many other security issues) in Internet Explorer 7. Yes, IE7 is still IE, so ActiveX concerns are still valid, but IE7 warns you
before running new ActiveX controls, something IE6 did not.
But, the browser of choice is not the point of this thread.
It matters not what browser you use! All of the steps included in practicing safe computing are totally independent of the browser used. You cannot cease performing any of those steps simply because you change to an alternative browser.
The purpose of this thread is to educate folks. Not instill fear. It is simply ludicrous to suggest, as you have done, that
just because one uses IE instead of FF, he or she
will become a victim of a drive-by download, which
will exploit some vulnerability, that
will result in their system being compromised!
That is NOT true, folks! If that were the case, then virtually all .6 billion Windows users in this world would be using compromised computers (assuming they still worked at all) and that is not the case. Yes, it is true that FF is less vulnerable to some types of vulnerabilities, but the fact remains, folks, getting a drive-by download is like downloading spyware in a cookie - it means NOTHING unless the bad guy can then some how gain control of that code, use that code to exploit some OTHER vulnerability in Windows (
most often an UNPATCHED vulnerability) or your security defenses, that will then some how compromise your system, and/or get past your AV, AS, and your firewall.
Education is the key, and that is the purpose of this thread.
Quote:
|
The HABITS, perceived risks, and practice of safe computing is often too inconvenient and just not seemingly worth the bother. All that available and attractive free (risk-based) content often puts caution to the wind - and the bad guys are counting on it.
|
That's a cop out! Some folks think buckling their seat belts is inconvenient, but not wearing one is still stupid! Yes,
setting up your security defense does take too much work and is inconvenient. But once setup, updates and scans can be scheduled to run automatically, with little or no user involvement thereafter. Just as seat belts allow a driver to keep, or quickly regain, control in an accident, thus minimizing hitting and hurting others, so too does practicing safe computing protect our fellow Internet (and network) users from our systems infecting theirs. In other words, it is our
responsibility to keep our systems from becoming a danger to others - convenient or not.
You are right, however, when you say bad guys are counting on finding users who fail to practice safe computing - my point all along. As I noted, they go for the easy pickings.
As a Beta tester for Firetrust Sitehound (and MailWasher Pro), I agree those type tools have merit and Sitehound is excellent at detecting phishing and other malicious sites. It is particularly great for those of us that actively fight bad guys because it provides so much information. But IE7 has an excellent Phishing Filter which is quite capable, does not consume any toolbar or system/notification tray space, and is free.
For more information on Drive-by downloads with IE7, see
here.
Now please, let's not drive this thread off-topic. It is not a discussion about browsers.